Does anyone have a working firewall config for an 871 router with SSL VPN that allows remote VPN users connecting with the SSL full tunnel svc to access everything on the office LAN while also allowing local users full access to the Internet? So far I have been unable to make this work. Using the firewall wizard in SDM breaks both the access through the SSL tunnel and blocks users on the local network from accessing the Internet. I also tried a sample firewall config I had found, but that did not work either. I really need to get this locked down. I followed a previous suggestion to add virtual template support and re-enable the zone-based firewall, but it still broke access in both directions even though the wizard recognizes the SSL firewall and adds exceptions. I don't understand why this is so difficult to set up. I really need to finish this project and any suggestions would be welcome. Attached is the current config that works with no firewall enabled. I have the latest IOS and AnyConnect client from June. Thanks.
I got it that time...thanks. I used this document as reference when constructing the VPN, which works fine. It's when attempting to enable the firewall on the router that everything stops working. The config example at the end of the doc looks like mine with no firewall configured, which works. I'm looking for a config example that has either the CBAC or zone-based firewall enabled where the VPN still works, since the SDM firewall wizard seems to completely break it. Thanks.